On a Monday morning, the organization’s help desk receives calls from three user
Question
On a Monday morning, the organization’s help desk receives calls from three users on the same floor of a building who state that they are having problems with their wireless access. A network administrator who is asked to assist in resolving the problem brings a laptop with wireless access to the users’ floor. As he views his wireless networking configuration, he notices that there is a new access point listed as being available. He checks with his teammates and determines that this access point was not deployed by his team, so that it is most likely a rogue access point that was established without permission.
1. How many incident response team members would participate in handling this incident?
2. Besides the incident response team, what groups within the organization would be involved in handling this incident?
3. To which external parties would the team report the incident? When would each report occur? How would each report be made? What information would you report or not report, and why?
4. What other communications with external parties may occur?
5. What tools and resources would the team use in handling this incident?
6. What aspects of the handling would have been different if the incident had occurred at a different day and time (on-hours versus off-hours)?
7. What aspects of the handling would have been different if the incident had occurred at a different physical location (onsite versus offsite)?
Explanation / Answer
1st ANSWER:
The organization’s users state that they are having problems with their wireless networks and thus they call and the network admin starts looking into it.
Going through the problem, the network administrator sees that there is a new access point listed as being available and this was not deployed by his team.
Thus, something that is network-specific and that the network team is not aware of has to be a rogue access point which was established without permission and authorization.
Thus, this particular issue is an incident to the company or organization as there is a problem in the company’s network and it is a security issue.
This violates the organization’s policies, such as the security policy and the network policy, because a rogue access point having been set up indicates some unauthorized user’s access and a confidentiality issue in the company network.
2nd ANSWER:
Such incidents can be prevented by having robust security policies in the company and having adequate protection in the networking of the organization.
To prevent this type of incident from occurring or to limit its impact, we have to have monitoring and logging of the incidents 24x7, identifying the abnormal activities on the network, and resolving them.
To limit its impact, we can have security software installed on all of the machines, and network access should be strict and not given to any internal user without authorization.
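One way to automate the check the administrator did by eye in this scenario, comparing the access points seen on the floor against what the network team deployed, is shown below as an added example that is not part of the original answer. The inventory, SSIDs, MAC addresses, signal threshold and the four-column CSV layout are all constructed assumptions.

```python
import csv
import io

# Assumed inventory of access points the network team deployed (constructed values).
AUTHORIZED = {
    "02:00:00:aa:10:01": {"ssid": "CorpWiFi", "channel": 1},
    "02:00:00:aa:10:02": {"ssid": "CorpWiFi", "channel": 6},
    "02:00:00:aa:10:03": {"ssid": "CorpGuest", "channel": 11},
}
CORP_SSIDS = {ap["ssid"] for ap in AUTHORIZED.values()}
STRONG_DBM = -65  # assumed threshold: a stronger signal is probably on the floor

# Constructed survey export, one AP per line: ssid,bssid,channel,signal_dbm
SAMPLE_SCAN = """\
CorpWiFi,02:00:00:AA:10:01,1,-48
CorpWiFi,02:00:00:aa:10:02,6,-60
CorpWiFi,02:00:00:bb:99:07,6,-41
FreeFloor3,02:00:00:cc:42:10,11,-52
CoffeeShop,02:00:00:dd:00:55,3,-88
CorpGuest,02:00:00:aa:10:03,4,-57
"""

def classify(ssid, bssid, channel, signal):
    """Return a verdict for one observed access point."""
    known = AUTHORIZED.get(bssid.lower())
    if known:
        # Known radio, but not as deployed: reconfigured AP or a cloned MAC.
        if known["ssid"] != ssid or known["channel"] != channel:
            return "inventory-mismatch"
        return "authorized"
    if ssid in CORP_SSIDS:
        return "rogue-corp-ssid"   # unknown radio advertising a company SSID
    if signal >= STRONG_DBM:
        return "rogue-onsite"      # unknown SSID, strong enough to be in the building
    return "neighbor"              # weak, unrelated network; log only

def review_scan(text):
    """Parse the survey and return only the rows that need an incident ticket."""
    findings = []
    for row in csv.reader(io.StringIO(text)):
        try:
            ssid, bssid, channel, signal = row[0], row[1], int(row[2]), int(row[3])
        except (IndexError, ValueError):
            continue  # skip malformed lines instead of aborting the review
        verdict = classify(ssid.strip(), bssid.strip(), channel, signal)
        if verdict not in ("authorized", "neighbor"):
            findings.append((verdict, ssid.strip(), bssid.strip().lower(), channel, signal))
    return findings
```

Run on a schedule against each floor's survey, the findings list gives the 24x7 monitoring a concrete event to log and escalate.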